1. Field of the Invention
The present invention relates in general to the field of information handling system security, and more particularly to a system and method for implementing a one-time password at an information handling system.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems have made life easier for businesses and individuals by making information readily available. For example, end users access business accounts to transact all sorts of business at all hours of the day. On-line bank accounts provide individuals with access to finances for transferring funds and paying bills from home, from the office or from wireless hotspots located throughout the world. Employees have access to work files through Internet connections to enterprise servers to allow work from home or virtually any location having an Internet connection. In many instances, information sent through the Internet is highly sensitive. Often, a substantial risk exists if such sensitive information gets into the wrong hands. For example, an individual can have unauthorized withdrawals from compromised accounts and enterprises face liability to customers who are injured by illicit use of sensitive information. Generally, access to sensitive information is protected with passwords and encryption, however, passwords sometimes fall into the wrong hands and no encryption method is foolproof.
In order to provide increased security, enterprises are increasingly turning to a multi-factor authentication solution for employee and customer access to sensitive information, such as remote banking or remote access. Thus, in addition to the use of password protection, enterprises also require a One Time Password (OTP) to authorize access to sensitive information. OTPs are typically generated by algorithms running on dedicated hardware devices, such as a key fob that generates and displays an OTP valid for a single use. One problem with OTPs is that the use of dedicated hardware devices increases the expense and complexity of implementing an OTP verification system. For example, losing or misplacing a dedicated hardware device means that an end user cannot access information until the device is replaced and the account is reset. One solution for implementing OTP without a dedicated device is to run the OTP algorithm in application embedded in an information handling system. Such embedded systems typically present the OTP through a display or software interface from an operating system of application layer, however, communication of the OTP through an operating system or application layer makes the OTP vulnerable to exploitation, such as by hackers who have gained access to an information handling system through a malicious program running on the information handling system.